03-03-2010, 03:58 AM | #1 |
Zealot
Posts: 101
Karma: 38
Join Date: Jan 2010
Location: Seattle
Device: Red PRS-600, Slate Blue Astak EZReader Pocket Pro
|
Virus pattern match upon connecting Astak Pocket Pro to my computer
I knew it would be something new and different, even interesting.
I had run the firmware upgrade after fully charging my new Pocket Pro. When I connected it to my computer's USB port my virus protection software popped up the alert attached, which reads: M:\autorun.inf Contains recognition pattern of the WORM/Conficker.Autorun.Gen worm. In this case, drive "M" is the Astak Pocket Pro. Have any of you encountered this before? I'm not too worried as my virus protection seems capable to manage it. I've disconnected, the reconnected the PP several times to confirm the sequence. The warning is triggered immediately upon clicking the menu button on the reader to connect to the PC. I tried using the "delete" option with my virus protection, and this may have removed the problem as I seem able to connect without triggering the alert. I don't know enough about autorun.inf viruses to confidently assess what's going on here. And a bit of searching via Google and on this forum hasn't turned up anything either. I know that virus detection via pattern matching can return "false positives." I'm hoping someone more knowledgeable in this area might be able to provide some insight into the matter. Thanks! |
03-03-2010, 10:43 AM | #2 |
Member
Posts: 15
Karma: 10
Join Date: Jan 2010
Device: Astak EZ Reader Pro
|
Can you delete the file? It is a virus that I have seen on my network at work. The file may be configured as read only. Once you remove that option delete it. Autorun.inf files typically contains some type of instructions so that when the CD or folder is open it will run those commands.
|
Advert | |
|
03-03-2010, 10:57 AM | #3 |
Well trained by Cats
Posts: 30,405
Karma: 58055234
Join Date: Aug 2009
Location: The Central Coast of California
Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A
|
Was M: the main memory or SDcard?
There is no Autorun file on a normal PEz distribution. A Worm could have placed one there if the device came in contact. An Autorun file is just a "Startup" direction file that tells what to do if triggered when a device is attached AND you have left your system with Autorun processing enabled. Safe way is either disable Autorun or "ALWAYS ASK ME WHAT TO DO" So the big question is where this got placed upon your PEz (BTW the real payload is an EXE file that the autorun calls to be run) |
03-03-2010, 07:04 PM | #4 |
Connoisseur
Posts: 60
Karma: 20
Join Date: Dec 2009
Location: Shenzhen, China
Device: Astak Pocket Pro
|
USB drive vaccine
Ever since I've installed this software, it has stopped all the autorun virii that enters my system thru removable drives such as USB thumb drives.
You'll be amazed at how many digital photo places have infected computers. Stick your USB drive, or any external memory card, in there, and you're infected! http://www.pandasecurity.com/homeuse...ds/usbvaccine/ Panda Vaccine. But don't get the Panda Cloud Protection, terrible resource hog. Oh, another good habit is to always open the drive and check contents by the context menu, rather than double clicking any drive, which then executes any autorun file on it. You'd need to have Show hidden systems on to see the autorun files. |
03-03-2010, 07:07 PM | #5 |
Zealot
Posts: 101
Karma: 38
Join Date: Jan 2010
Location: Seattle
Device: Red PRS-600, Slate Blue Astak EZReader Pocket Pro
|
Virus or no virus?
When I first got the warning, I just clicked "OK" to "Deny Access" to the file, as my experience with AntiVir has been that it cannot delete infected files when it first locates them. I usually check the log and delete them later or use a dedicated removal tool for that particular virus. I try to be careful so I don't run into this problem very often.
In this case I tried to view Drive M, which was the Astak's internal memory at the time as I had removed the SD card I used to flash the firmware at that point, so there is no question that it was not the memory card. However, I could not locate the file in question. I don't have any Linux distro's installed at the moment, so I don't know if I would have better look trying to view the memory of the reader using Linux, but in Windows XP I use folder settings where no files are hidden. As I clumsily reported, I repeated the connect sequence several times to confirm that the reader was triggering the alert, but on the final instance tried the option from AntiVir to delete the file, and surprisingly it didn't offer it's normal "sorry--can't do that now" message and seemed to have deleted the file. I cannot say for certain it did, as I could never see autorun.inf in the first place. But ever since then I have been able to connect the device without receiving any warnings. It doesn't sound as if this is a known issue. I'm additionally curious if it was introduced during the firmware upgrade process. Even though the file I installed was probably the same version, perhaps it was a different build copy or something? I downloaded it from theEZReader.com website a couple days ago. I suppose once the new firmware comes up, and if the problem resurfaces, that would be a clue. Anyhoozle, things seem to be humming along nicely at this point. Thanks for the input, guys! |
Advert | |
|
03-03-2010, 07:33 PM | #6 |
Kobo Aura
Posts: 252
Karma: 500520
Join Date: Feb 2009
Location: Chicago, Illinois
Device: Kobo Aura
|
It can also be a false positive. There is a higher number when you have security set at medium or high.
|
03-04-2010, 02:24 AM | #7 |
Member
Posts: 21
Karma: 140
Join Date: Jan 2010
Location: NSW, Australia
Device: ECO Reader V3ext, ECO Reader V3+
|
An old IT trick is to delete the FILE called autorun.inf and make a FOLDER called autorun.inf in the root of the device.
Windows won't allow a file of the same name to be made or pasted if a folder has the same name in the current directory. The FOLDER called 'autorun.inf' does not have to have anything in it, just leave it empty. I have used this trick successfully for years on thumb drives, SDcards, CDRW/DVDRW and secondary data HDD's with no problems. |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Ended Astak Pocket Pro | kennyc | Flea Market | 3 | 01-17-2010 05:41 PM |
astak pocket pro screen instability. | oncdoc | Astak EZReader | 10 | 12-29-2009 09:56 PM |
Please help! Torn between the Astak Pocket Pro and the COOL-ER | weeziepepper | Which one should I buy? | 21 | 12-12-2009 11:41 PM |
Questions about Astak Pocket Pro | weeziepepper | Astak EZReader | 11 | 12-07-2009 05:34 PM |
Just ordered the Astak Pocket Pro EZ | luvshihtzu | Astak EZReader | 37 | 10-25-2009 07:37 PM |